On Mon, 2013-12-16 at 22:30 -0500, Rob Crittenden wrote: > Dmitri Pal wrote: > > On 12/16/2013 06:46 PM, Galen Brownsmith wrote: > >> My install fails on the invocation of pkispawn with a Socket Error in > >> the pki-ca-spawn log ; anyone have any ideas? (It isn't the issue > >> with special characters in the DM's password, as my Directory Manager > >> and IPA Admin passwords may be 32 characters long, but only contain > >> [A-Za-z0-9_] ) > >> > >> Configuration and Error Messages follow. > >> > >> Target System: Fedora19 64bit LXC Container running on top of a > >> Fedora19 64bit host. Kernel 3.11.10, Q9550 Intel CPU. > >> Attempting to install freeipa server 3.3.3 . SEllinux has been set to > >> 'disabled' on the host and container. > >> > >> /etc/hosts: > >> # IP FQDN Alias(es) > >> 127.0.0.1 localhost.localdomain localhost localhost4 > >> 192.168.253.94 woeg.marphod.net <http://woeg.marphod.net> woeg > >> > >> # Peers > >> 192.168.253.99 skete.marphod.net <http://skete.marphod.net> skete > >> wiki.marphod.net <http://wiki.marphod.net> wiki www.marphod.net > >> <http://www.marphod.net> www > >> [... several more machines] > >> > >> /etc/resolv.conf > >> ; generated by /usr/sbin/dhclient-script > >> search marphod.net <http://marphod.net> > >> nameserver 192.168.253.1 > >> > >> /etc/sysconfig/network: > >> NETWORKING=yes > >> HOSTNAME=woeg.marphod.net <http://woeg.marphod.net> > >> > >> No software firewall on the Container: > >> # iptables -L > >> Chain INPUT (policy ACCEPT) > >> target prot opt source destination > >> > >> Chain FORWARD (policy ACCEPT) > >> target prot opt source destination > >> > >> Chain OUTPUT (policy ACCEPT) > >> target prot opt source destination > >> > >> > >> Not using NetworkManager. The machine has a virtual nic, and is > >> connected to the bridge on the host, and can interact with the outside > >> world. > >> > >> Installation commands: > >> # ipa-server-install --uninstall -U > >> # pkidestroy -s CA -i pki-tomcat > >> # ipa-server-install -N -d --no-host-dns > >> > >> I select the defaults during the interactive install. > >> > >> During installation, everything seems to run fine up to the invocation > >> of pkispawn. I then get the errors: > >> <text> > >> Installing CA into /var/lib/pki/pki-tomcat. > >> Storing deployment configuration into > >> /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. > >> Installation failed. > >> > >> ipa : DEBUG stderr=Job for email@example.com > >> failed. See 'systemctl status firstname.lastname@example.org' and > >> 'journalctl -xn' for details. > >> pkispawn : ERROR ....... server failed to restart > >> > >> ipa : CRITICAL failed to configure ca instance Command > >> '/usr/sbin/pkispawn -s CA -f /tmp/tmpwNB5bU' returned non-zero exit > >> status 1 > >> ipa : DEBUG File > >> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", > >> line 622, in run_script > >> return_value = main_function() > >> > >> File "/usr/sbin/ipa-server-install", line 1074, in main > >> dm_password, subject_base=options.subject) > >> > >> File > >> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", > >> line 478, in configure_instance > >> self.start_creation(runtime=210) > >> > >> File > >> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line > >> 364, in start_creation > >> method() > >> > >> File > >> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", > >> line 604, in __spawn_instance > >> raise RuntimeError('Configuration of CA failed') > >> > >> ipa : DEBUG The ipa-server-install command failed, > >> exception: RuntimeError: Configuration of CA failed > >> Configuration of CA failed > >> </text> > >> > >> the relevant errors from /var/log/pki/pki-ca-spawn.timestamp.log: (the > >> ... skipping... is from the file) > >> <text> > >> ...skipping... > >> y still be down > >> 2013-12-16 18:12:23 pkispawn : DEBUG ........... No connection - > >> exception thrown: Cannot connect to proxy. Socket error: [Errno 111] > >> Connection refused. > >> 2013-12-16 18:12:24 pkispawn : DEBUG ........... No connection - > >> server may still be down > >> 2013-12-16 18:12:24 pkispawn : DEBUG ........... No connection - > >> exception thrown: Cannot connect to proxy. Socket error: [Errno 111] > >> Connection refused. > >> 2013-12-16 18:12:25 pkispawn : DEBUG ........... No connection - > >> server may still be down > >> ... > >> (error repeated 12 more times) > >> ... > >> 2013-12-16 18:12:39 pkispawn : ERROR ....... server failed to > >> restart > >> 2013-12-16 18:12:39 pkispawn : DEBUG ....... Error Type: SystemExit > >> 2013-12-16 18:12:39 pkispawn : DEBUG ....... Error Message: 1 > >> 2013-12-16 18:12:39 pkispawn : DEBUG ....... File > >> "/usr/sbin/pkispawn", line 374, in main > >> rv = instance.spawn() > >> File > >> "/usr/lib/python2.7/site-packages/pki/deployment/configuration.py", > >> line 102, in spawn > >> sys.exit(1) > >> </text> > >> > > > > You are trying it in a container. I do not know whether this makes a > > difference. > > It might be due to the fact that underlying directory server has not > > started. > > Please look at the pki instance DS logs to determine whether the DS > > instance was installed and configured correctly. > > http://www.freeipa.org/page/Troubleshooting#Server_Installation > > Please publish these logs here. > > I'm not entirely sure that IPA works in a container. I think that > Nathaniel looked at this a few months ago but I can't recall his findings.
For me, it mostly just worked with http://fedoraproject.org/wiki/Features/SystemdLightweightContainers. It requires disabling selinux, however, so I eventually abandoned it. Perhaps the selinux problem has been solved by now? Nathaniel _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users